7586 matches found
PHP Script Forum Hoster (Topic Delete/XSS) Multiple Vulnerabilities
No description provided by source. \ \ \ / / /\ \ / /| \ / \ | \ \ //\ \ / / / / ruling the web since 9/2008 "Word is born Fight the war fuck the norm!" = "PHP Script Forum Hoster" Multiple vulnerabilities Vendor : http://www.shop-020.de Download :...
Ez Album Persistent Cross Site Scripting
/ Ez Album XSS Script Injection Vulnerability Discovered by : MizoZ Contact : [email protected] Date : July 29 2009 Greetings : Moudi , Zuka, All friends / We can inject HTML Scripts from the add comment , not in the comment but in the name input . exemple :...
Phorum 5.2.11 - Persistent Cross-Site Scripting
//----- Advisory Program : Phorum 5.2.11 and prior Homepage : http://www.phorum.org/ Discovery : 2009/07/16 Author Contacted : 2009/07/17 Found by : CrashFr This Advisory : CrashFr //----- Application description Started in 1998, Phorum was the original PHP and MySQL based Open Source forum...
Vulnerabilities in LinksExchanger
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting уязвимостях в LinksExchanger. XSS: POST запрос на странице http://site/links/submit.php "body onload="alertdocument.cookie" В полях: Ваше имя или ник, Текстовое описание Вашей ссылки. Это persistent XSS - при заходе на страниц...
CGI Generic XSS (quick test)
The remote web server hosts CGI scripts that fail to adequately sanitize request strings with malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site. These...
Joomla! < 1.5.11 JA_Purity Template Multiple XSS
The version of Joomla! running on the remote host is prior to 1.5.11. It is, therefore, affected by multiple, persistent cross-site scripting XSS vulnerabilities in the JAPurity template. An unauthenticated, remote attacker can exploit these, by convincing a user to follow a specially crafted URL...
[ISecAuditors Security Advisories] Joomla! 1.5.10 JA_Purity Multiple Persistent XSS
============================================= INTERNET SECURITY AUDITORS ALERT 2009-006 - Original release date: April 5th, 2009 - Last revised: June 5th, 2009 - Discovered by: Juan Galiana Lara - Severity: 6.4/10 CVSS Base Score ============================================= I. VULNERABILITY...
Joomla! 1.5.10 JA_Purity Cross Site Scripting
============================================= INTERNET SECURITY AUDITORS ALERT 2009-006 - Original release date: April 5th, 2009 - Last revised: June 5th, 2009 - Discovered by: Juan Galiana Lara - Severity: 6.4/10 CVSS Base Score ============================================= I. VULNERABILITY...
CVE-2009-1915
Stack-based buffer overflow in the URL Search Hook ICQToolBar.dll in ICQ 6.5 allows remote attackers to cause a denial of service persistent crash and possibly execute arbitrary code via an Internet shortcut .URL file containing a long URL parameter, which triggers a crash when browsing a folder...
Old phishing sites still sending spam, attracting victims
The cooperative effort of ISPs, security vendors, volunteer groups and other interested parties has helped develop a quick and efficient method for taking down phishing sites, usually within hours or days of their appearance. However, many phishing sites that have been up for a week or more still...
CVE-2008-6758
Cross-site request forgery CSRF vulnerability in cartsave.php in ViArt Shop aka Shopping Cart 3.5 allows remote attackers to hijack the authentication of arbitrary users for requests that conduct persistent cross-site scripting XSS attacks via the cartname parameter in a save action...
Cross site scripting
Google Chrome 2.0.x lets modifications to the global object persist across a page transition, which makes it easier for attackers to conduct Universal XSS attacks via unspecified vectors...
CVE-2009-1414
CVE-2009-1414 pertains to Google Chrome 2.0.x, where modifications to the global object can persist across a page transition. The connected sources describe this as enabling universal XSS attacks via unspecified vectors, with the base CVSS v2 score listed as 4.3 (Medium) and an attacker that does...
CVE-2009-1414
Google Chrome 2.0.x lets modifications to the global object persist across a page transition, which makes it easier for attackers to conduct Universal XSS attacks via unspecified vectors...
Rittal CMC-TC Processing Unit II Multiple Vulnerabilities
No description provided by source. Louhi Networks Oy -= Security Advisory =- Advisory: Rittal CMC-TC Processing Unit II multiple vulnerabilities Release Date: 2009-03-23 Last Modified: 2009-03-22 Authors: Henri Lindberg, CISA henri d0t lindberg at louhi d0t fi Application: Rittal CMC-TC PU II Web...
Researchers unveil persistent BIOS attack methods
Apply all of the browser, application and OS patches you want, your machine still can be completely and silently compromised at the lowest level–without the use of any vulnerability. That was the rather sobering message delivered by a pair of security researchers from Core Security Technologies i...
Joomla! Component Djice Shoutbox 1.0 - Persistent Cross-Site Scripting
Joomla Djice Shoutbox v 1.0 alert'XaDoS' or '"alert'XSS By XaDoS' the XSS become permanent in every page of site! not critical damage but it's not funny.. + D3M0: http://www.djiceatwork.com contact me at xados @ hotmail . it www.securitycode.it milw0rm.com 2009-03-10...
RitsBlog 0.4.2 (Authentication Bypass) SQL Injection Vulnerability / XSS Persistent Vulnerability
Salvatore "drosophila" Fresta + Application: RitsBlog + Version: 0.4.2 + Website: http://sourceforge.net/projects/ritsblog/ + Bugs: A SQL Injection B XSS Persistent + Exploitation: Remote + Date: 02 Mar 2009 + Discovered by: Salvatore "drosophila" Fresta + Author: Salvatore "drosophila" Fresta +...
NovaBoard <= 1.0.1 / XSS Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= NovaBoard = 1.0.1 / XSS Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= $ Program: NovaBoard $ Version: = 1.0.1 $ File affected: index.php $ Download: http://www.novaboard.net/ Found by Pepelux pepeluxatenye-sec.org eNYe-Sec - www.enye-sec.org -- About...
NovaBoard <= 1.0.1 (message) Persistent XSS Vulnerability
Exploit for unknown platform in category web applications ========================================================= NovaBoard alertdocument.cookie you can also send the user cookie to another site Non-persistent XSS:...